JWT Vault

Highly flexible library to manage and orchestrate JWT workflow

[![Build Status](https://travis-ci.org/sgrust01/jwtvault.svg?branch=master)](https://travis-ci.org/sgrust01/jwtvault) [![codecov](https://codecov.io/gh/sgrust01/jwtvault/branch/master/graph/badge.svg)](https://codecov.io/gh/sgrust01/jwtvault) [![Version](https://img.shields.io/badge/rustc-1.39+-blue.svg)](https://blog.rust-lang.org/2019/11/07/Rust-1.39.0.html) ![RepoSize](https://img.shields.io/github/repo-size/sgrust01/jwtvault) ![Crates.io](https://img.shields.io/crates/l/jwtvault) ![Crates.io](https://img.shields.io/crates/v/jwtvault) ![Crates.io](https://img.shields.io/crates/d/jwtvault) ![Contributors](https://img.shields.io/github/contributors/sgrust01/jwtvault)

Examples | Website | Chat

TODO

Features

Quickstart

Prerequisite:

shell script
 $ curl https://raw.githubusercontent.com/sgrust01/jwtvault/master/generate_certificates.sh > ./generate_certificates.sh

shell script
 $ chmod 700 generate_certificates.sh && ./generate_certificates.sh

```rust use jwtvault::prelude::*; use std::collections::HashMap; use std::collections::hashmap::DefaultHasher; use futures::executor::blockon;

// User: John Doe let user_john = "john_doe"; let password_for_john = "john"; // User: Jane Doe let user_jane = "jane_doe"; let password_for_jane = "jane"; // load users and their password from database/somewhere users.insert(user_john.to_string(), password_for_john.to_string()); users.insert(user_jane.to_string(), password_for_jane.to_string()); let loader = CertificateManger::default(); // Initialize vault let mut vault = DefaultVault::new(loader, users); // John needs to login now let token = block_on(vault.login( user_john, password_for_john, None, None, )); let token = token.ok().unwrap(); // When John presents authentication token, it can be used to restore John's session info let server_refresh_token = block_on(resolve_session_from_client_authentication_token( &mut vault, user_john, token.authentication(), )); let server_refresh_token = server_refresh_token.ok().unwrap(); // server_refresh_token (variable) contains server method which captures client private info // which never leaves the server let private_info_about_john = server_refresh_token.server().unwrap(); let key = digest::<_, DefaultHasher>(user_john); let data_on_server_side = private_info_about_john.get(&key).unwrap(); // server_refresh_token (variable) contains client method which captures client public info // which is also send back to client assert!(server_refresh_token.client().is_none()); // Check out the data on client and server which are public and private respectively println!("[Private] John Info: {}", String::from_utf8_lossy(data_on_server_side.as_slice()).to_string()); // lets renew authentication token let new_token = block_on(vault.renew( user_john, token.refresh(), None, )); let new_token = new_token.ok().unwrap(); // When John presents new authentication token it can be used to restore session info let result = block_on(resolve_session_from_client_authentication_token( &mut vault, user_john, new_token.as_str(), )); let _ = result.ok().unwrap();

Workflows

To begin use login with ***user*** and ***password***

Upon successful login is provides user will be provided with JWT pair (authentication/refresh)
Authentication token is then provided to access any resources
Refresh token is used to renew an authentication token upon expiry

Use resolve_session_from_client_authentication_token with ***user*** and ***authenticationtoken*_ to restore user session

Use renew with ***user*** and ***refreshtoken*_ to generate new authentication token

Use logout with ***user*** and ***authenticationtoken*_ will remove all tokens associated with the user